A new computer architecture idea for internet money is proposed. It is
called Silicoin because it exists on batches of silicon integrated
circuits to ensure trustworthiness for spending coins of money. A
Xilinx FPGA (field programmable gate array) uses anti-fuses to produce
a record of spent money. In this way, money cannot be spent twice.
This anti-fuse technology cannot be erased and re-programmed. Those
Silicoin ICs send internet messages to spend money on distant Silicoin
ICs. The miniaturization of logic circuits produces a barrier to
thieves who may try to steal money from a Silicoin IC that is sold for
USB connectors. It is planned that the ideas of VISTI will be used for
the logic design (variable instruction set terminus infrastructure).

The Silicoin project was started today, November 7, 2011 by Alan
Folmsbee. The goals include:

1 Inexpensive silicon integrated circuits (IC) to hold Silicoin logic
which is trustworthy
2 Limitations for minting new Silicoin money which is trustworthy and
accepted by distant Silicoins
3 Computer architecture to use open source logic on a Silicoin IC
4 Protocols to prevent duplicate spending of money from a Silicoin
5 Distributed architecture that needs no centralized authority
6 Small, localized databases that do not need to be evaluated by every
Silicoin on the web
7 Cryptographic security that uses fast calculations lasting less than
two seconds in 201l hardware
8 Protocol for converting products into newly minted money.
9 Silicoin : name Copyright 2011 Alan C. Folmsbee

Please add your ideas for goals.

How do you protect against a (malicious) software emulation of a Silicoin (that
can be backed up and restored (thus permitting multiple-spending))?

I presume, then, that the logic has to contain a secret key (secret
from the holder of the coin), if for no other reason than to prove
that it *is* the Silicoin logic, not something trying to fake it.

Sorry, type error: copyright cannot apply to a name.  Neither can
a patent, by the way.

        Stefan

On Nov 7, 12:50 pm, gordonb.je...@burditt.org (Gordon Burditt) wrote:

A secret key is used inside the Silicoin so that software which does
not have the key cannot produce Funimunny in place of Silicoin.

]

Yes, a secret key is in the Silicoin, a key which is so secret that it
is not known to anyone except The Mint. That Mint will be defined in a
later document. Naturally, the USA Dept. of Treasury will be asked to
participate in this Silicoin definition. But their approval is not
required in most countries.

On 07/11/2011 18:38, Globemaker wrote:

You haven't seen folks recover keys by (eg) power analysis, have you?

M
--
Mark "No Nickname" Murray
Notable nebbish, extreme generalist.

On Nov 7, 12:51 pm, Stefan Monnier <monn...@iro.umontreal.ca> wrote:

I believe you. I am retracting this attempt to copyright Silicoin. I
was wrong. I am sorry. I apologize for making that mistake. In the
future I will attempt to file a trademark application paper with the
appropriate authorities in every country in which I expect this
message to not be read.

On 2011-11-07, Stefan Monnier <monn...@iro.umontreal.ca> wrote:

It could be trademarked if it has not already been taken, and if he is
willing to spend the money to do so.

Or look at chips with a scanning tunneling microscope,
or measure electric fields with scanning tunneling potentiometry.

Eric

Los Gatos lab in the first part of the 80s pioneered some of the use of
scanning electron microscope for debugging chips (very close to 30yrs
ago now). When it was built, it was considered one of the best
located/scenic labs in the company ... during the corporate
difficulties, it was sold off and is now housing development.

--
virtualization experience starting Jan1968, online at home since Mar1970

So, in the architecture of this monetary system, there is a unique
Mint, and there can be no other?

Does it permit multiple currencies *each* with a unique Mint, as
in Silicoin-Dollars, Silicoin-Euros, Silicoin-Pesos, and
Silicoin-Quatloos?  How about Silicoin-Airline-Miles?  That would
be more difficult, as in order to load the keys for each mint,
someone would need to know all the keys, or the new Silicoin chips
would have to be passed to each Mint in turn to have its key loaded
before starting to use them.  (Mint keys are, of course, write-once-only,
and there would probably be a small limit (say, a dozen or two) on
mint keys.  And nobody said all Silicoins had to have all mint keys.
They could be loaded with the major currencies and the local ones).

A global key present in the hand of every user of the technology
is difficult to keep secret.  Ask the guys who make satellite and
cable decoders.  What is the plan in case of key compromise?

So how much do you expect a (tamper-resistant) chip to cost, and
how many uses do you expect someone will get out of it?  Since
spending money blows fuses (an irreversible operation), the chips
have a finite life.  Can the chips make change?  E.g. you have a
$500 "coin" in your Silicoin chip, you spend $285.33 with a merchant,
and you end up with a cancelled $500 coin, a new $214.67 coin, and
the merchant ends up with a new $285.33 coin.  (I am presuming no
transaction fees.) Each of you have used up one coin slot in your
chip.  Or is making change more complex than that?  Does the merchant
have to keep around large quantities of penny coins to make change,
and when you get pennies in change, they each use up a slot?

How do you spend part of your $500 coin when it's in the *last*
slot on your Silicoin chip, and you need change?  This is going to
happen even if the chips hold, say, 10000 slots for coins (of any
(reasonable) denomination).

Can you do consumer-to-consumer transfers?  How?  (Two silicoin
chips with male USB connectors won't plug in to each other, and
they won't have power.) I note that some banks are permitting
consumer-to-consumer transfers from checking accounts via mobile
phone.  And there's Paypal.  Most mobile phones aren't prepared to
act as a master for slave USB devices (they act as slave for a PC
acting as master).

How safe is a Silicoin transaction if you have to plug them into a
general-purpose computer (e.g. yours, or one at the brick-and-mortar
store) if the computer might be virus-ridden?  Is there a keyboard
*on the chip*?  If not, how does the chip know the amount of the
transaction?  A virus-ridden PC at a merchant could, for example,
execute the transaction you wanted and also take a coin and transfer
it to a third chip hidden inside the case of the PC.

Sillycoin is actually already trademarked by adacripple...

Dear Gordon, Stefan, Mark, unrah, EricP, Ann and Lynn,
I am happy to read your several intelligent comments and questions.
Thank you. As a first priority, the goal is to produce Internet Cash
denominations which have some superior characteristics when compared
with Bitcoin, Paypal, MasterCard, and paper money.  It also has
vulnerabilities.

When providing cash, some major attributes are:

1 Minted cash is spent without supervision by police.
2 Cash can be lost in a fire or in a local theft.
3 Cash can be spent anonymously or with documentation of credentials.
4 Cash can be exchanged between dollars, euroes, pesos.
5 Non-cash values can use Silicoins for Airline Miles or Organ
Transplant Honors.
6 Counterfeiting can be performed by well equipped industrialists.
(FunniMunni from SiliCoin).

But Silicoin has advantages over paper money or Bitcoin or Credit
Cards

1 Internet Cash can be spent without contacting any authority.
2 Mints from compliant governments can create a root for currency
Exchange (Isle of Man).
3 Silicoin is not software based, so any counterfeiting is more
difficult
4 Silicoin can use any software protocols like Bitcoin PLUS HARDWARE
ADVANTAGES
5 Silicon integrated circuits are harder to copy than paper money

Silicoin has some disadvantages compared to Paypal, Bitcoin, Cash, and
Credit Cards :

1 Silicon chips cost more than software
2 Silicoin cash can be lost or stolen like cash, and no backup files
will restore simple cash
3 Integrated circuits can be microscopically analysed without needing
to print a new copy.

This is not perfect, but it is superior.
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

Next, some individual questions will be answered:

"You haven't seen folks recover keys by (eg) power analysis, have
you?  "

Yes. Power analysis also can be aoided. In particular, this is not a
case of Data Encryption where a 128 bit key is loaded. The Silicoin
Key produces wiring connections on a Xilinx FPGA (or custom IC) and
those wiring connexions are static and they are produced by a
compiler, taking a 128 bit key and the compiler expands that into a
wiring plan that sets anti-fuses.

"Or look at chips with a scanning tunneling microscope,
or measure electric fields with scanning tunneling potentiometry.  "

Yes, you can try that. I used that voltage contrast electron
microscope at Intel in 1984. It is impractical for a 9 metal layer IC
with buried diffused conductors. Cash can be counterfeited. Silicoin
can also be counterfeited, it is just a thousand times harder to do
than for paper $100 bills.

"Los Gatos lab in the first part of the 80s pioneered some of the use
of
scanning electron microscope for debugging chips (very close to 30yrs
ago now)."

Yes. I used electron microscopes to view logic '1' and '0' bits on 6um
metal lines at Intel in 1984. They made progress since then. But IC
metal lines are not 6um now, thay are 0.06um wide and buried uner 8
metal layers. Custom Silicoin chips of the future will bury the key
wires cleverly so voltage contrast will be impractical.

"So, in the architecture of this monetary system, there is a unique
Mint, and there can be no other? "

No. Various nations have their own mints. I want to use the Mint on
The Isle of Man, ruled by a single dictator, but trusted worldwide.

"Does it permit multiple currencies *each* with a unique Mint, as
in Silicoin-Dollars, Silicoin-Euros, Silicoin-Pesos, and
Silicoin-Quatloos?  How about Silicoin-Airline-Miles?  "

Yes. The silicon real-estate is powerful in its digital capabilities.
Memory is cheap.

"That would
be more difficult, as in order to load the keys for each mint,
someone would need to know all the keys, or the new Silicoin chips
would have to be passed to each Mint in turn to have its key loaded
before starting to use them. "

Cryptographic protocol work needs to be done to achieve that lofty
goal. If you were paid enough, maybe you would join The Team.

"What is the plan in case of key compromise? "

You get robbed, just like cash. But an optional re-imbursement
insurance policy is available at a modest fee. Master keys are not on
each chip in any explicit string. Wiring connections are set by
compiled keys. The uniqueness of wirings is a goal.

"So how much do you expect a (tamper-resistant) chip to cost, and
how many uses do you expect someone will get out of it?  "

In 2012, $87 each chip. 10,000 transactions.

"Or is making change more complex than that? "

Exact change only.

"Can you do consumer-to-consumer transfers?  How?  (Two silicoin
chips with male USB connectors won't plug in to each other, and
they won't have power.) "

The deployment of Silicoin will have several phases. At first,
rudimentary sales will be done on PC USB connectors via the internet.
In 2015, a different terminal will be possible, you design a nice for
for us, please. USB will be replaced by future connectors and power
inductors.

"A virus-ridden PC at a merchant could, for example,
execute the transaction you wanted and also take a coin and transfer
it to a third chip hidden inside the case of the PC. "

Good point. Touche'. Let me consider that for tomorrow.

Alan Folmsbee, promoter of Silicoin.

On 07/11/2011 22:26, Globemaker wrote:

Bad guy compromises the scheme, makes a fraudulent substitute that
may be used fraudulently and/or "recharged". Similar attack has been
done on Chip 'n Pin cards, transport cards and electronic ID.

Once the secret's out, there is a DVD/CSS situation; the secret
_stays_ out.

M
--
Mark "No Nickname" Murray
Notable nebbish, extreme generalist.

x9.59 financial standard done in mid-90s about same time as original
chip 'n pin standard ... some refs:
http://www.garlic.com/~lynn/x959.html#x959

gave each hardware token unique private key w/o digital certificates
... countermeasure to replay attacks, static data, etc ... and harder to
compromise than magstripe.

some metaphors about current/magstripe paradigm

security proportional to risk metaphor; basically vulnerability to
skimming, evesdropping, data breaches, etc. value of the information to
the merchant is profit from transaction ... possibly couple dollars (or
to the transaction processor ... possibly couple of cents). value to the
attackers is the account balance/credit-limit. as a result, the crooks
can afford to possibly out-spend the defenders by factor of 100 times.

dual-use metaphor; information that is the target of the crooks, is
also information needed by dozen of business processes at millions
of locations around the planet. as a result, have claimed that
even if planet was buried under miles of information hiding
cryptography, it still couldn't stop information leakage.

...

long ago and far away, we had been brought in to consult with small
client/server startup that wanted to do payment transactions on their
server; the startup had also invented this technology called "SSL"
they wanted to use; the result is now frequently called "electronic
commerce"

then somewhat from having worked on electronic commerce, in the mid-90s,
we were asked to participate in the x9a10 financial standard working
group that had been given the requirement to preserve the integrity of
the financial infrastructure for *ALL* retail payments. the result was
x9.59 standard.

in the late 90s, somewhat in support of x9.59 standard ... needed a chip
that supported security proportional to risk ... aka possible to have a
chip where the cost for crook to compromise was greater than the
expected fraud benefit from the compromised chip (I had joked about
taking a $500 milspec part and aggresively cost reducing it by several
orders of magnitude while improving the integrity). At the same time,
the transit industry requested that it also be able to perform
transaction within elapsed time and (contactless) power constraint of
transit turnstyle.

some past refs to the AADS chip strawman
http://www.garlic.com/~lynn/x959.html#aads

for other topic drift, old ref to "yes card" exploit ... gone 404, but
lives on at the wayback machine:
http://web.archive.org/web/20030417083810/http://www.smartcard.co.uk/...

past posts mentioning "yes card" exploit:
http://www.garlic.com/~lynn/subintegrity.html#yescard

--
virtualization experience starting Jan1968, online at home since Mar1970

I don't think that such an insurance policy would work very well,
as ones that insure cash losses now have such an onerous claims
procedure it's not worth it (according to a relative who tried it).

Maybe you should revisit your claim that each mint has a secret
key, that needs to be loaded on each chip, even a chip that is an
*empty* wallet at the moment (but which is expected to have coins
loaded into it).  Did you perhaps mean that each mint has a public
certificate that need not be secret?  And coins are signed by the
Mint's secret key?

A master key compromise (or even rumors of one) would not result
in "you get robbed", it would result in "*everyone* holding the
currency gets robbed", because no one will accept the currency any
more, and no one can tell whose currency is legitimate and whose
is not (not even the owners).  I doubt that a compromise, say, of
the Silicoin Peso mint key would result in Silicoin transactions
in any other currency surviving, even assuming that those keys were
not compromised.  People panic.

There needs to be some reason why a software emulation of a Silicoin
cannot be used as one.  Since the logic is open-source, something
has to prevent a Softcoin implementing the logic Silicoin in software
(but with a back door permitting saving and restoring state, thereby
permitting double spending) and pretending to be a Silicoin.  That
would probably be a secret it holds (there isn't much else left as
a possibility).  And if that secret gets out, the system is in trouble
(although it doesn't have to be a global secret).

Hmm, that means that spending or receiving a one cent coin costs
almost one cent in used up chip slots, and there would be lots of
that involved in making change.  Hmm... is having denominations in
powers of 2 optimal to minimize transaction costs (measured in chip
slots used) for random transaction amounts between, say, $10 and
$500?  It sounds like rounding to the nearest dollar (after sales
taxes) will be popular.  This is not a good "micropayments" system.

A random amount in the vicinity of $100 - $163 takes 14 bits to
represent as a binary number, and if you have binary coin denominations,
I think it would take on average exchange of 7 coins (or 6.1 cents
on a $100 transaction, which isn't too bad, especially compared to
existing credit/debit cards).  Percentage-wise, it's even better
for larger transactions.  And you could cut that cost in half using
only whole-dollar amounts.  What's an average debit/credit card
transaction with today's system?

If you have to trust whatever terminal is used, that's a problem.
And if I can design a terminal, someone else can design a rogue one
that looks like a real one.  Especially if the Silicoin doesn't
have a keypad for the user to enter the transaction amount on it,
there's a lot of mischief a rogue terminal, perhaps installed by a
rogue merchant, or perhaps by some thief with access to substitute
terminals, can do - even if it can't create money out of thin air.
Of course, this applies equally to credit card terminals used now.
Keypads would increase the cost of transactions, especially on chips
that get used up.

I certainly hope that future terminals will *NOT* permit transactions
unknown to the coin owner (e.g. toll sidewalks) where coins are
taken while the chip is still in your pocket.  Things like RFID are
inappropriate technology for payment systems.  "You can carry your
chip in a shielded wallet" is not an excuse and does not apply while
you are standing in line at the checkout counter.  I wouldn't mind
one so much where you had to stick your hand (with the chip in it)
into a coil (which does the power induction) to make it register.

It would seem like something like Amazon.com checkout would need
whole racks full of Silicoins that would get used up in a day.

As long as it covers a different area of use it's not necessarily
a problem.

        Stefan

On 2011-11-08, Gordon Burditt <gordonb.pg...@burditt.org> wrote:

The optimal is powers of 3 (of e if you could get it but 3 is close
enough).-- n different symbols and ln(N)/ln(n) places or n ln(N)/ln(n)
symbols used to designate all numbers of size N.
To minimize this, we have 1/ln(n)-1/ln(n)^2 =0 or ln(n)=1--> n=e

and 9 trits.

[snip]

A verifying display might be cheaper than a full keypad.
A two character marquee might be appropriate/adequate.
(One would presumably need at least a confirm button and a
cancel button could be useful [with a (near)contact-based
interface, removal could be considered canceling].)

OTOH, one's personal, trusted interface ('wallet'?) could
be relatively expensive (but need not be especially
expensive) and separate from the 'coin' itself.

Yes, presumably www.silicoin.com

The usual 1,2,5 set (recurring for powers of ten) makes for fairly
efficient change and avoids inconvenient (to humans) numbers.

Making change will cost extra transactions though, presumably.  Or you
run into a fragmentation problem (running out of $5 coins but having
plenty of $10, for example.)

Cheers,

--
Andrew

On Nov 7, 11:35 pm, "Paul A. Clayton" <paaronclay...@gmail.com> wrote:

Micropayments are a target market for Silicoin. Penny purchases of
newpaper articles and game sessions woulds become more common. As the
years go by, economies of scale will drive the prices down for
Silicoin hardware :

Silicoin price by year - number of anti-fuse codes that prevent
duplicate payments
$87 - 2012 - 10k
$27 - 2013 - 20k
$10 - 2014 - 100k
$ 6 -  2015 - 600k
$ 2 - 2016 - 7 meg

Paying uses up one code blown into anti-fuses on the Xilinx FPGA or
custom IC.
Receiving a payment does not take one code per payment, it takes one
code per session. Many payments can be added together to create a
total of money in an account at a retailer. Then one anti-fuse code is
blown to represent a total balance. That way, big retailers do not
need to exhaust the anti-fuse resources as fast as individual buyers
do, combined. Anti-fuses cannot be erased with x-rays, UV light or
electricity. They are controlled by on-chip programs that use VISTI
(variable instruction set terminus infrastructure) which has unique
instruction sets defined under a cryptographic Key.

In the preferred embodiment in 2017, a single chip would be powered
inductively and create a projected keyboard on a table and a projected
monitor on a wall using lasers. This integration creates a secured
Computer Vault for cash flow control under open source algorithms for
trustworthy monetary accounting in a person's possession. Two
Silicoins would then communicate with each other using laser links so
that cash payments can go on in private and the cops won't see nuttin.

Ok,

I am gonna post funny question for you:

How does Silicoin protect against the "maffia" who will start producing
"FakeSilicoin".

The FakeSilicoin allows double/re-spending of money because it does not use
"fuses". Apperently those "fuses" prevent double spending in Silicoin ?

Also if a hack is found, this name will quickly turn into SillyCoin =D

Are you trolling us ? makes me wonder ? ;)

Bye,
  Skybuck :)

"
But Silicoin has advantages over paper money or Bitcoin or Credit
Cards
"

"
2 Mints from compliant governments can create a root for currency
Exchange (Isle of Man).
"

I don't like this idea very much... the whole idea of bitcoin is probably to
cut out the goverment and banking world.

The goverments have huge debts, and the banking world seems to have created
it.

If bitcoin does become populair then it will probably be because of the big
system crash that's about to happen.

Greece, Italy, Spain, Portugal, Europe, America's next ?

Maybe there will be a big war between USA and China, China demanding
resources from USA in return for debt lowering, if USA refused, then China
start the war.

After the system has crashed and people loose their money, or after the war,
people do not want to go back to the goverments/banks that caused the crash
and war in the first place, and then bitcoin could be the next best/big
thing ;) :)

It will be interesting to see if goverments try to lower the popularity of
bitcoin by starting to mine bitcoins themselfes.

I would not be surprised if they would start big bitcoin mining facilities
the size the world has never seen before ! ;)

Or maybe they simply use their already existing super computers to mine for
some bitcoins ! ;) :)

Then the shit with the debt probably starts all over again ! ;) =D

Bye,
  Skybuck =D

I'm deeply sorry, but this approach has a critical drawback: no government
will be able to produce counterfeit money (aka "monetary policy"), so the
idea will new be implemented.

     Best regards,
     Piotr Wyderski

Once again: no single individual (or a small group of them) is the
real problem, because their net contribution to forgery is relatively
small and is typically in order of 10e6 USD/EUR. And how easy was
it for Helicopter Ben to say: "The U.S. government has a technology,
called a printing press (or today, its electronic equivalent), that allows
it to produce as many U.S. dollars as it wishes at no cost."?
Currently the same is being done in Europe and only small Slovakia
had balls to say "nay"...

     Best regards,
     Piotr Wyderski